SonarCloud

Get rid of issues that represent a risk to your reputation or add to your technical debt. Keep Security Hotspots (potential threats that need a human review) on the radar.

Authenticating

SonarCloud uses API Key based auth, a developer-friendly delegated access protocol. Quolum has already connected the necessary wires with SonarCloud. Using a sequence of click-throughs, your organization's administrator allows Quolum to make API calls to SonarCloud without getting access to passwords.

Step 1: Initiate a connection to Readme

Click the Connect button from the Connections card. If you are not an admin, you can invite your organization's SonarCloud admin to make a connection to your SonarCloud organization account. When you click on the Connect button, the web browser will navigate to the SonarCloud login page.

Quolum Catalog: SonarCloud App

Step 2: Log in to SonarCloud

Log in to SonarCloud using your organization's credentials. The exact login mechanism may depend on your SonarCloud plan and the sign-in mechanism used. You may have corporate SSO such as Azure AD, GSuite, or Okta along with multi-factor authentication. Once you have successfully logged in, you can find the API Key and API Secret as mentioned below in Step 3.

SonarCloud Authentication

Step 3: Back to Quolum

Once you have granted access to Quolum, SonarCloud sends you back to the Quolum page from Step 1, where you started. The Connect button on the Connections card now says Reconnect. Reconnect is used to reauthenticate when the access has expired.

Under the hood

Using the OAuth protocol, Quolum now has delegated access to your SonarCloud Workspace. The Quolum server, running in an Amazon AWS VPC, will be able to make API calls and retrieve feature-level utilization. Later, this data is crunched and made available for visualization on the Quolum dashboard.